Commit Message

ipt_CLUSTERIP users might hit this annoying printk, if they forgot an
"iptables -I INPUT -m state --state INVALID -j DROP" before CLUSTERIP
rule. We could use net_ratelimit() here, or not log the message at all.
I chose to log it once per config.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
CC: Patrick McHardy <kaber@trash.net>
---
net/ipv4/netfilter/ipt_CLUSTERIP.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Comments

Hi Eric,
On 13/01/11 12:13, Eric Dumazet wrote:
> ipt_CLUSTERIP users might hit this annoying printk, if they forgot an> "iptables -I INPUT -m state --state INVALID -j DROP" before CLUSTERIP> rule. We could use net_ratelimit() here, or not log the message at all.> I chose to log it once per config.
I think that this should be converted to pr_debug() instead, there's
also another reference to "unknown protocol" that should be converted as
well.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

On 13.01.2011 12:23, Pablo Neira Ayuso wrote:
> Hi Eric,> > On 13/01/11 12:13, Eric Dumazet wrote:>> ipt_CLUSTERIP users might hit this annoying printk, if they forgot an>> "iptables -I INPUT -m state --state INVALID -j DROP" before CLUSTERIP>> rule. We could use net_ratelimit() here, or not log the message at all.>> I chose to log it once per config.> > I think that this should be converted to pr_debug() instead, there's> also another reference to "unknown protocol" that should be converted as> well.
I think the FIXME could also be removed, we *do* drop invalid
packets in CLUSTERIP.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

On 13/01/11 12:28, Patrick McHardy wrote:
> On 13.01.2011 12:23, Pablo Neira Ayuso wrote:>> Hi Eric,>>>> On 13/01/11 12:13, Eric Dumazet wrote:>>> ipt_CLUSTERIP users might hit this annoying printk, if they forgot an>>> "iptables -I INPUT -m state --state INVALID -j DROP" before CLUSTERIP>>> rule. We could use net_ratelimit() here, or not log the message at all.>>> I chose to log it once per config.>>>> I think that this should be converted to pr_debug() instead, there's>> also another reference to "unknown protocol" that should be converted as>> well.> > I think the FIXME could also be removed, we *do* drop invalid> packets in CLUSTERIP.
Hey! You're back! :-)
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html